cpe:2.3:a:stanford:webauth:3.6.1:*:*:*:*:*:*:*
webauth before 4.6.1 has authentication credential disclosure
Max CVSS: 7.5
EPSS Score: 0.43%
Published: 2019-12-03
Updated: 2019-12-10
weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
Max CVSS: 4.3
EPSS Score: 0.16%
Published: 2009-09-15
Updated: 2009-09-16
2 vulnerabilities found